<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta content="Cask Data, Inc." name="author" />
<meta content="Copyright © 2017 Cask Data, Inc." name="copyright" />


    <meta name="git_release" content="6.1.1">
    <meta name="git_hash" content="05fbac36f9f7aadeb44f5728cea35136dbc243e5">
    <meta name="git_timestamp" content="2020-02-09 08:22:47 +0800">
    <title>Dataset Permissions</title>

    <link rel="stylesheet" href="../../_static/cdap-bootstrap.css" type="text/css" />
    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
    <link rel="stylesheet" href="../../_static/bootstrap-3.3.6/css/bootstrap.min.css" type="text/css" />
    <link rel="stylesheet" href="../../_static/bootstrap-3.3.6/css/bootstrap-theme.min.css" type="text/css" />
    <link rel="stylesheet" href="../../_static/css/bootstrap-sphinx.css" type="text/css" />
    <link rel="stylesheet" href="../../_static/css/cdap-dynamicscrollspy-4.css" type="text/css" />
    <link rel="stylesheet" href="../../_static/css/jquery.mCustomScrollbar.css" type="text/css" />
    <link rel="stylesheet" href="../../_static/css/cdap-jquery.mCustomScrollbar.css" type="text/css" />
    <link rel="stylesheet" href="../../_static/css/abixTreeList-2.css" type="text/css" />
    <link rel="stylesheet" href="../../_static/cdap-bootstrap.css" type="text/css" />

    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    '',
        VERSION:     '6.1.1',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  false
      };
    </script>
    <script type="text/javascript" src="../../_static/jquery.js"></script>
    <script type="text/javascript" src="../../_static/underscore.js"></script>
    <script type="text/javascript" src="../../_static/doctools.js"></script>
    <script type="text/javascript" src="../../_static/language_data.js"></script>

    <link rel="shortcut icon" href="../../_static/favicon.ico"/>
    <link rel="index" title="Index" href="../../genindex.html" />
    <link rel="search" title="Search" href="../../search.html" />
    <link rel="top" title="Cask Data Application Platform 6.1.1 Documentation" href="../../index.html" />
    <link rel="up" title="Datasets" href="index.html" />
    <link rel="next" title="Cube Dataset" href="cube.html" />
    <link rel="prev" title="System and Custom Datasets" href="system-custom.html" />
    <!-- block extrahead -->
    <meta charset='utf-8'>
    <meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
    <meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
    <meta name="apple-mobile-web-app-capable" content="yes">
    <!-- block extrahead end -->

</head>
<body role="document">

<!-- block navbar -->
<div id="navbar" class="navbar navbar-inverse navbar-default navbar-fixed-top">
    <div class="container-fluid">
      <div class="row">
        <div class="navbar-header">
          <!-- .btn-navbar is used as the toggle for collapsed navbar content -->
          <a class="navbar-brand" href="../../table-of-contents/../../index.html">
            <span><img alt="CDAP logo" src="../../_static/cdap_logo.svg"/></span>
          </a>

          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".nav-collapse">
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>

          <div class="pull-right">
            <div class="dropdown version-dropdown">
              <a href="#" class="dropdown-toggle" data-toggle="dropdown"
                role="button" aria-haspopup="true" aria-expanded="false">
                v 6.1.1 <span class="caret"></span>
              </a>
              <ul class="dropdown-menu">
                <li><a href="//docs.cdap.io/cdap/5.1.2/en/index.html">v 5.1.2</a></li>
                <li><a href="//docs.cdap.io/cdap/4.3.4/en/index.html">v 4.3.4</a></li>
              </ul>
            </div>
          </div>
          <form class="navbar-form navbar-right navbar-search" action="../../search.html" method="get">
            <div class="form-group">
              <div class="navbar-search-image material-icons"></div>
              <input type="text" name="q" class="form-control" placeholder="  Search" />
            </div>
            <input type="hidden" name="check_keywords" value="yes" />
            <input type="hidden" name="area" value="default" />
          </form>

          <div class="collapse navbar-collapse nav-collapse navbar-right navbar-navigation">
            <ul class="nav navbar-nav"><li class="docsite-nav-tab-container"><a class="docsite-nav-tab-link " href="../../table-of-contents/../../index.html">简介</a></li><li class="docsite-nav-tab-container"><a class="docsite-nav-tab-link current" href="../../table-of-contents/../../guides.html">手册</a></li><li class="docsite-nav-tab-container"><a class="docsite-nav-tab-link " href="../../table-of-contents/../../reference-manual/index.html">参考</a></li><li class="docsite-nav-tab-container"><a class="docsite-nav-tab-link " href="../../table-of-contents/../../faqs/index.html">帮助</a></li>
            </ul>
          </div>

        </div>
      </div>
    </div>
  </div><!-- block navbar end -->
<!-- block main content -->
<div class="main-container container">
  <div class="row"><div class="col-md-2">
      <div id="sidebar" class="bs-sidenav scrollable-y-outside" role="complementary">
<!-- theme_manual: developer-manual -->
<!-- theme_manual_highlight: guides -->
<!-- sidebar_title_link: ../../table-of-contents/../../guides.html -->

  <div role="note" aria-label="manuals links"><h3><a href="../../table-of-contents/../../guides.html">Guides</a></h3>

    <ul class="this-page-menu">
      <li class="toctree-l1"><a href="../../table-of-contents/../../user-guide/index.html" rel="nofollow">用户手册</a>
      </li>
      <li class="toctree-l1"><b><a href="../../table-of-contents/../../developer-manual/index.html" rel="nofollow">开发手册</a></b>
      <nav class="pagenav">
      <ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../index.html"> 简介</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../getting-started/index.html"> 入门指南</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../getting-started/sandbox/index.html">CDAP Sandbox</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../../getting-started/sandbox/zip.html">二进制 Zip 文件</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../getting-started/sandbox/zip.html#cdap-sandbox">启动和停止 CDAP Sandbox</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../getting-started/sandbox/virtual-machine.html">虚拟机镜像</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../getting-started/sandbox/docker.html">Docker 镜像</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../getting-started/quick-start.html">快速入门</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../getting-started/dev-env.html">搭建开发环境</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../getting-started/start-stop-cdap.html">启动和停止 CDAP</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../getting-started/building-apps.html">构建并运行应用</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../overview/index.html"> 概述</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../overview/anatomy.html"> 大数据应用剖析</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../overview/modes.html"> 模式和组件</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../overview/abstractions.html"> 核心概念</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../overview/interfaces.html"> 编程接口</a></li>
</ul>
</li>
<li class="toctree-l1 current"><a class="reference internal" href="../index.html"> 抽象概念</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../core.html"> Core Abstractions</a></li>
<li class="toctree-l2"><a class="reference internal" href="../applications.html"> Applications</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="index.html"> Datasets</a><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="overview.html"> Overview</a></li>
<li class="toctree-l3"><a class="reference internal" href="table.html"> Table API</a></li>
<li class="toctree-l3"><a class="reference internal" href="fileset.html"> FileSets</a></li>
<li class="toctree-l3"><a class="reference internal" href="partitioned-fileset.html"> Partitioned FileSets</a></li>
<li class="toctree-l3"><a class="reference internal" href="time-partitioned-fileset.html"> TimePartitioned FileSets</a></li>
<li class="toctree-l3"><a class="reference internal" href="system-custom.html"> System and Custom Datasets</a></li>
<li class="toctree-l3 current"><a class="current reference internal" href="#"> Dataset Permissions</a></li>
<li class="toctree-l3"><a class="reference internal" href="cube.html"> Cube Dataset</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../mapreduce-programs.html"> MapReduce Programs</a></li>
<li class="toctree-l2"><a class="reference internal" href="../plugins.html"> Plugins</a></li>
<li class="toctree-l2"><a class="reference internal" href="../schedules.html"> Schedules</a></li>
<li class="toctree-l2"><a class="reference internal" href="../secure-keys.html"> Secure Keys</a></li>
<li class="toctree-l2"><a class="reference internal" href="../services.html"> Services</a></li>
<li class="toctree-l2"><a class="reference internal" href="../spark-programs.html"> Spark Programs</a></li>
<li class="toctree-l2"><a class="reference internal" href="../workers.html"> Workers</a></li>
<li class="toctree-l2"><a class="reference internal" href="../workflows.html"> Workflows</a></li>
<li class="toctree-l2"><a class="reference internal" href="../artifacts.html"> Artifacts</a></li>
<li class="toctree-l2"><a class="reference internal" href="../program-lifecycle.html"> Program Lifecycle</a></li>
<li class="toctree-l2"><a class="reference internal" href="../namespaces.html"> Namespaces</a></li>
<li class="toctree-l2"><a class="reference internal" href="../transaction-system.html"> Transaction System</a></li>
<li class="toctree-l2"><a class="reference internal" href="../transactional-messaging-system.html"> Transactional Messaging System</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../metadata/index.html"> 元数据</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../metadata/system-metadata.html"> System Metadata</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../metadata/discovery-lineage.html"> Discovery and Lineage</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../metadata/field-lineage.html"> Field Level Lineage</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../metadata/audit-logging.html"> Audit Logging</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../metadata/metadata-ui.html"> CDAP Metadata UI</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../metadata/programmatic-metadata.html"> Accessing metadata programmatically</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../pipelines/index.html"> 数据流管道</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../pipelines/concepts-design.html"> Concepts and Design</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../pipelines/getting-started.html"> Getting Started</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../pipelines/studio.html"> CDAP Studio</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../pipelines/creating-pipelines.html"> Creating Pipelines</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../pipelines/running-pipelines.html"> Running Pipelines</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../pipelines/plugin-management.html"> Plugin Management</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../pipelines/plugins/index.html"> Plugin Reference</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../../pipelines/plugins/actions/index.html"> Action Plugins</a><ul class="simple">
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../../pipelines/plugins/sources/index.html"> Source Plugins</a><ul class="simple">
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../../pipelines/plugins/transforms/index.html"> Transform Plugins</a><ul class="simple">
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../../pipelines/plugins/analytics/index.html"> Analytic Plugins</a><ul class="simple">
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../../pipelines/plugins/sinks/index.html"> Sink Plugins</a><ul class="simple">
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../../pipelines/plugins/shared-plugins/index.html"> Shared Plugins</a><ul>
<li class="toctree-l4"><a class="reference internal" href="../../pipelines/plugins/shared-plugins/core.html">CoreValidator</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../../pipelines/plugins/post-run-plugins/index.html"> Post-run Plugins</a><ul class="simple">
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../pipelines/developing-pipelines.html"> Developing Pipelines</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../pipelines/developing-plugins/index.html"> Developing Plugins</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../../pipelines/developing-plugins/plugin-basics.html">Plugin Basics</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../pipelines/developing-plugins/creating-a-plugin.html">Creating a Plugin</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../pipelines/developing-plugins/presentation-plugins.html">Plugin Presentation</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../pipelines/developing-plugins/testing-plugins.html">Testing Plugins</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../pipelines/developing-plugins/packaging-plugins.html">Packaging Plugins</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../pipelines/how-cdap-pipelines-work.html"> How CDAP Pipelines Work</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../cloud-runtimes/index.html"> 云平台运行</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../cloud-runtimes/concepts/index.html"> Concepts</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../cloud-runtimes/provisioners/index.html"> Provisioners</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../../cloud-runtimes/provisioners/gcp-dataproc.html">Google Dataproc</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../cloud-runtimes/provisioners/aws-emr.html">Amazon Elastic MapReduce</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../cloud-runtimes/provisioners/remote-hadoop.html">Remote Hadoop</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../cloud-runtimes/profiles/index.html"> Profiles</a><ul>
<li class="toctree-l3"><a class="reference internal" href="../../cloud-runtimes/profiles/creating-profiles.html">Creating Profiles</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../cloud-runtimes/profiles/assigning-profiles.html">Assigning Profiles</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../cloud-runtimes/profiles/admin-controls.html">Admin Controls</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../cloud-runtimes/example/index.html"> Example</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../security/index.html"> 安全</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../security/client-authentication.html">Client Authentication</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security/cdap-authentication-clients-java.html">CDAP Authentication Client for Java</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security/cdap-authentication-clients-python.html">CDAP Authentication Client for Python</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security/custom-authentication.html">Custom Authentication</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../security/authorization-extensions.html">Authorization Extensions</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../testing/index.html"> 测试和调试</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../testing/testing.html"> Testing a CDAP Application</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../testing/debugging.html"> Debugging</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../testing/troubleshooting.html"> Troubleshooting</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../ingesting-tools/index.html"> 数据融合</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../ingesting-tools/cdap-stream-clients-java.html">CDAP Stream Client for Java</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../ingesting-tools/cdap-stream-clients-python.html">CDAP Stream Client for Python</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../ingesting-tools/cdap-stream-clients-ruby.html">CDAP Stream Client for Ruby</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../ingesting-tools/cdap-flume.html">CDAP Flume</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../data-exploration/index.html"> 数据探索</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../data-exploration/filesets.html"> Fileset Exploration</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../data-exploration/tables.html"> Table Exploration</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../data-exploration/object-mapped-tables.html"> ObjectMappedTable Exploration</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../data-exploration/custom-datasets.html"> Custom Dataset Exploration</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../data-exploration/hive-execution-engines.html"> Hive Execution Engines</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../advanced/index.html"> 高级主题</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../advanced/application-logback.html"> Application Logback</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../advanced/best-practices.html"> Best Practices</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../advanced/class-loading.html"> Class Loading</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../advanced/configuring-resources.html"> Configuring Program Resources</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../advanced/program-retry-policies.html"> Program Retry Policies</a></li>
</ul>
</li>
</ul>
</nav>
      </li>
      <li class="toctree-l1"><a href="../../table-of-contents/../../admin-manual/index.html" rel="nofollow">管理手册</a>
      </li>
      <li class="toctree-l1"><a href="../../table-of-contents/../../integrations/index.html" rel="nofollow">集成手册</a>
      </li>
      <li class="toctree-l1"><a href="../../table-of-contents/../../examples-manual/index.html" rel="nofollow">最佳实践</a>
      </li>
    </ul>
  </div></div>
    </div><div class="col-md-8 content" id="main-content">
    
  <div class="section" id="dataset-permissions">
<span id="datasets-permissions"></span><h1>Dataset Permissions<a class="headerlink" href="#dataset-permissions" title="Permalink to this headline">🔗</a></h1>
<p>In a multi-tenant environment, it is often necessary to control access to data. Datasets allow
for the control of access permissions through dataset properties. When a dataset is created, the
underlying storage resources (for example: directories or tables) are created with the
configured permissions. When data is added to a dataset (for example: a new file), the same
permissions are applied.</p>
<p>Due to the different characteristics of the underlying storage providers, permissions are
configured differently depending on the dataset type.</p>
<div class="section" id="fileset-permissions">
<h2>FileSet Permissions<a class="headerlink" href="#fileset-permissions" title="Permalink to this headline">🔗</a></h2>
<p>FileSets store their data as files and directories in the file system. The typical access
control used in file systems is by assigning different permissions to the file’s owner,
the file’s group, and all others. For example, in a Posix file system, the permission string:</p>
<div class="highlight-java notranslate"><div class="highlight"><pre><span></span><span class="n">rwxr</span><span class="o">-</span><span class="n">x</span><span class="o">---</span>
</pre></div>
</div>
<p>gives read, write, and execute permission to the owner, read and execute permissions to the group,
and no permissions to the rest of the world. This can also be expressed as a three-digit
octal number:</p>
<div class="highlight-java notranslate"><div class="highlight"><pre><span></span><span class="mi">750</span>
</pre></div>
</div>
<p>where each bit represents the presence or absence of a permission in the string representation.</p>
<p>A FileSet can be configured to set the group and permissions of all directories and files that
are created through its API:</p>
<div class="highlight-java notranslate"><div class="highlight"><pre><span></span><span class="n">createDataset</span><span class="p">(</span><span class="s">&quot;lines&quot;</span><span class="p">,</span> <span class="n">FileSet</span><span class="p">.</span><span class="na">class</span><span class="p">,</span> <span class="n">FileSetProperties</span><span class="p">.</span><span class="na">builder</span><span class="p">()</span>
  <span class="p">.</span><span class="na">setBasePath</span><span class="p">(</span><span class="s">&quot;example/data/lines&quot;</span><span class="p">)</span>
  <span class="p">.</span><span class="na">setFileGroup</span><span class="p">(</span><span class="s">&quot;subscribers&quot;</span><span class="p">)</span>
  <span class="p">.</span><span class="na">setFilePermissions</span><span class="p">(</span><span class="s">&quot;rwxr-x---&quot;</span><span class="p">)</span>
  <span class="p">.</span><span class="na">setInputFormat</span><span class="p">(</span><span class="n">TextInputFormat</span><span class="p">.</span><span class="na">class</span><span class="p">)</span>
  <span class="p">.</span><span class="na">setOutputFormat</span><span class="p">(</span><span class="n">TextOutputFormat</span><span class="p">.</span><span class="na">class</span><span class="p">)</span>
  <span class="p">.</span><span class="na">setDescription</span><span class="p">(</span><span class="s">&quot;Store input lines&quot;</span><span class="p">)</span>
  <span class="p">.</span><span class="na">build</span><span class="p">());</span>
</pre></div>
</div>
<p>This sets the group name to <code class="docutils literal notranslate"><span class="pre">subscribers</span></code> and permits all members of that group to read
files and directories (the execute bit—<code class="docutils literal notranslate"><span class="pre">x</span></code>—is required to operate on a directory).
Any files created through this FileSet will now have these permissions. For example:</p>
<div class="highlight-java notranslate"><div class="highlight"><pre><span></span><span class="n">location</span> <span class="o">=</span> <span class="n">fileset</span><span class="p">.</span><span class="na">getLocation</span><span class="p">(</span><span class="n">path</span><span class="p">);</span>
<span class="k">try</span> <span class="p">(</span><span class="n">OutputStream</span> <span class="n">out</span> <span class="o">=</span> <span class="n">location</span><span class="p">.</span><span class="na">getOutputStream</span><span class="p">)</span> <span class="p">{</span>
   <span class="p">...</span>
<span class="p">}</span>
</pre></div>
</div>
<p>This will create a new file at the requested path with the permissions and group name
configured in the dataset properties.</p>
<p>Similarly, if you write to the FileSet using a MapReduce program, the output directories
and files will have the proper permissions, except that—by convention—Hadoop
removes the execute bits from plain files, and it sets the parent directory’s group name
for all new files it creates.</p>
<p>If a MapReduce program has multiple output datasets that each configure their own permissions,
then we encounter a limitation in MapReduce: it only allows a single set of permissions for
each of its tasks. If the permissions of the output FileSets differ, then it is hard to predict
which one will prevail—every mapper or reducer might even apply a different one. Therefore,
CDAP applies this heuristic:</p>
<ul class="simple">
<li>If all output datasets specify the same permissions, then these permissions are used.</li>
<li>If at least two of the output datasets specify different permissions, then the default permissions
of the file system are used (and a warning is issued in the log).</li>
</ul>
<p>To circumvent this, you can set a fixed set of permissions in the job configuration, by setting
the file system’s <code class="docutils literal notranslate"><span class="pre">umask</span></code>:</p>
<div class="highlight-java notranslate"><div class="highlight"><pre><span></span><span class="nd">@Override</span>
<span class="kd">public</span> <span class="kt">void</span> <span class="nf">initialize</span><span class="p">()</span> <span class="kd">throws</span> <span class="n">Exception</span> <span class="p">{</span>
  <span class="n">MapReduceContext</span> <span class="n">context</span> <span class="o">=</span> <span class="n">getContext</span><span class="p">();</span>
  <span class="n">Job</span> <span class="n">job</span> <span class="o">=</span> <span class="n">context</span><span class="p">.</span><span class="na">getHadoopJob</span><span class="p">();</span>
  <span class="n">job</span><span class="p">.</span><span class="na">getConfiguration</span><span class="p">().</span><span class="na">set</span><span class="p">(</span><span class="n">FsPermission</span><span class="p">.</span><span class="na">UMASK_LABEL</span><span class="p">,</span> <span class="s">&quot;027&quot;</span><span class="p">);</span> <span class="c1">// &quot;fs.permissions.umask-mode&quot;</span>
  <span class="n">context</span><span class="p">.</span><span class="na">addOutput</span><span class="p">(</span><span class="n">Output</span><span class="p">.</span><span class="na">of</span><span class="p">(</span><span class="s">&quot;fileset1&quot;</span><span class="p">,</span> <span class="p">...));</span>
  <span class="n">context</span><span class="p">.</span><span class="na">addOutput</span><span class="p">(</span><span class="n">Output</span><span class="p">.</span><span class="na">of</span><span class="p">(</span><span class="s">&quot;fileset2&quot;</span><span class="p">,</span> <span class="p">...));</span>
  <span class="p">...</span>
<span class="p">}</span>
</pre></div>
</div>
<p>This will override any permissions configured for output datasets. Be aware that the <code class="docutils literal notranslate"><span class="pre">umask</span></code> is
the inverse of a file permission: the above <code class="docutils literal notranslate"><span class="pre">umask</span></code> of <code class="docutils literal notranslate"><span class="pre">027</span></code> translates into file
permissions of <code class="docutils literal notranslate"><span class="pre">750</span></code> or <code class="docutils literal notranslate"><span class="pre">rwxr-x---</span></code>.</p>
</div>
<div class="section" id="table-permissions">
<h2>Table Permissions<a class="headerlink" href="#table-permissions" title="Permalink to this headline">🔗</a></h2>
<p>Table-based datasets are typically backed by HBase as the storage provider. HBase controls
access by granting privileges explicitly to users and groups. This is more flexible than
Unix-style file system permissions, as it allows a fine-grained control over multiple
groups or individual users.</p>
<p>To configure permissions for a Table dataset, set them in the dataset properties:</p>
<div class="highlight-java notranslate"><div class="highlight"><pre><span></span><span class="n">createDataset</span><span class="p">(</span><span class="s">&quot;myTable&quot;</span><span class="p">,</span> <span class="n">Table</span><span class="p">.</span><span class="na">class</span><span class="p">,</span> <span class="n">TableProperties</span><span class="p">.</span><span class="na">builder</span><span class="p">()</span>
  <span class="p">.</span><span class="na">setTTL</span><span class="p">(</span><span class="mi">100000</span><span class="p">)</span>
  <span class="p">.</span><span class="na">setTablePermissions</span><span class="p">(</span><span class="n">ImmutableMap</span><span class="p">.</span><span class="na">of</span><span class="p">(</span><span class="s">&quot;joe&quot;</span><span class="p">,</span> <span class="s">&quot;rwa&quot;</span><span class="p">,</span> <span class="s">&quot;@subscribers&quot;</span><span class="p">,</span> <span class="s">&quot;r&quot;</span><span class="p">))</span>
  <span class="p">.</span><span class="na">build</span><span class="p">());</span>
</pre></div>
</div>
<p>This gives user <code class="docutils literal notranslate"><span class="pre">joe</span></code> read, write, and administration rights, while all members of the
group <code class="docutils literal notranslate"><span class="pre">subscribers</span></code> can only read. Other privileges you can assign are <code class="docutils literal notranslate"><span class="pre">c</span></code> (for create)
and <code class="docutils literal notranslate"><span class="pre">x</span></code> (for execute rights); see the <a class="reference external" href="http://hbase.apache.org/book.html#hbase.accesscontrol.configuration">Apache HBase™ documentation</a> for more details.</p>
</div>
<div class="section" id="partitionedfileset-permissions">
<h2>PartitionedFileSet Permissions<a class="headerlink" href="#partitionedfileset-permissions" title="Permalink to this headline">🔗</a></h2>
<p>Partitioned file sets and Time-partitioned file sets are a hybrid of a Table to store partition
metadata and a FileSet to store the partition data (that is, files). You can set both Table
permissions and FileSet permissions in the dataset properties for these dataset types, and they
will be applied to the partition table and the file system data, respectively.</p>
</div>
</div>

</div>
    <div class="col-md-2">
      <div id="right-sidebar" class="bs-sidenav scrollable-y" role="complementary">
        <div id="localtoc-scrollspy">
        </div>
      </div>
    </div></div>
</div>
<!-- block main content end -->
<!-- block footer -->
<footer class="footer">
      <div class="container">
        <div class="row">
          <div class="col-md-2 footer-left"><a title="System and Custom Datasets" href="system-custom.html" />Previous</a></div>
          <div class="col-md-8 footer-center"><a class="footer-tab-link" href="../../table-of-contents/../../reference-manual/licenses/index.html">Copyright</a> &copy; 2014-2020 Cask Data, Inc.&bull; <a class="footer-tab-link" href="//docs.cask.co/cdap/6.1.1/cdap-docs-6.1.1-web.zip" rel="nofollow">Download</a> an archive or
<a class="footer-tab-link" href="//docs.cask.co/cdap">switch the version</a> of the documentation
          </div>
          <div class="col-md-2 footer-right"><a title="Cube Dataset" href="cube.html" />Next</a></div>
        </div>
      </div>
    </footer>
<!-- block footer end -->
<script type="text/javascript" src="../../_static/bootstrap-3.3.6/js/bootstrap.min.js"></script><script type="text/javascript" src="../../_static/js/bootstrap-sphinx.js"></script><script type="text/javascript" src="../../_static/js/abixTreeList-2.js"></script><script type="text/javascript" src="../../_static/js/cdap-dynamicscrollspy-4.js"></script><script type="text/javascript" src="../../_static/js/cdap-version-menu.js"></script><script type="text/javascript" src="../../_static/js/copy-to-clipboard.js"></script><script type="text/javascript" src="../../_static/js/jquery.mousewheel.min.js"></script><script type="text/javascript" src="../../_static/js/jquery.mCustomScrollbar.js"></script><script type="text/javascript" src="../../_static/js/js.cookie.js"></script><script type="text/javascript" src="../../_static/js/tabbed-parsed-literal-0.2.js"></script><script type="text/javascript" src="../../_static/js/cdap-onload-javascript.js"></script><script type="text/javascript" src="../../_static/js/cdap-version-menu.js"></script>
    <script src="https://cdap.gitee.io/docs/cdap/json-versions.js"/></script>
  </body>
</html>